09dafe67955f33215f9c1f063a3e24e5f253516dfdb3faffad4c1b2c229a2336 | Triage

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04/05/2024, 21:29

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Mercury.dll
Size

1.4MB
MD5

20b1b49f92c56d904d049a6599eb32b8
SHA1

0c890f6914807803916fe504cd5f365bbd1992a7
SHA256

4a07fedbc723f59592353dfa9fc153ea8290af9504ddb7b624d5a9e142e80a79
SHA512

42113589b821f2e1f6131424542ce4e3d688c1ba3dee4aab44dea259473290fe2d5c7b38976bc19b2664288d8dfe5c43bc79cd336631e45dd10692380bded5dc
SSDEEP

24576:C2l0Met9EJ9a7tclccGjv3fb2EVQZKxYqnMsT8TAwMZFZHKsP38mRxmea+sf:J7mT3fb2EVtxjl8Tli0NJf

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2264 wrote to memory of 2124	2264	rundll32.exe	28
PID 2264 wrote to memory of 2124	2264	rundll32.exe	28
PID 2264 wrote to memory of 2124	2264	rundll32.exe	28
PID 2264 wrote to memory of 2124	2264	rundll32.exe	28
PID 2264 wrote to memory of 2124	2264	rundll32.exe	28
PID 2264 wrote to memory of 2124	2264	rundll32.exe	28
PID 2264 wrote to memory of 2124	2264	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Mercury.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2264
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\Mercury.dll,#1
  2⤵
  PID:2124

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads